First, you'll want to create rules of engagement - a list of attack
methods you do and dont want tested (ie spear phising, physical
penetration, social engineering). Also note if you want focus on
certain components of your infrastructure, or things you dont feel
confident about. Essentially, all th...